add explicit_bzero to libc. implementation subject to change, but start

the ball rolling. ok deraadt.
author: tedu <> 2014-01-22 21:06:45 +0000
committer: tedu <> 2014-01-22 21:06:45 +0000
commit: 4fa31e96a25424fef44451ad022218b3233f54f3 (patch)
tree: 720c5274efe0595e27c584f2d90331efa736ad03
parent: a263ce82893e1ce0d825e878afa7914f21507549 (diff)
download: openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.tar.gz
openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.tar.bz2
openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.zip
3 files changed, 37 insertions, 4 deletions
diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc
index 9d6d1b2368..1cbb54b3b5 100644
--- a/src/lib/libc/string/Makefile.inc
+++ b/src/lib/libc/string/Makefile.inc
@@ -1,9 +1,9 @@
-#       $OpenBSD: Makefile.inc,v 1.32 2013/12/19 20:52:37 millert Exp $
+#       $OpenBSD: Makefile.inc,v 1.33 2014/01/22 21:06:45 tedu Exp $
 # string sources
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
-SRCS+=  bm.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
+SRCS+=  bm.c explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
        strcasecmp.c strcasestr.c strcoll.c strdup.c \
        strerror.c strerror_r.c strlcat.c strmode.c strndup.c strnlen.c \
        strsignal.c strtok.c strxfrm.c \
@@ -155,6 +155,7 @@ MAN+=	bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \
        wmemset.3
 MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3
+MLINKS+=bzero.3 explicit_bzero.3
 MLINKS+=memchr.3 memrchr.3
 MLINKS+=stpcpy.3 stpncpy.3
 MLINKS+=strchr.3 index.3
diff --git a/src/lib/libc/string/bzero.3 b/src/lib/libc/string/bzero.3
index 1fd5da81b5..8476eb863e 100644
--- a/src/lib/libc/string/bzero.3
+++ b/src/lib/libc/string/bzero.3
@@ -27,9 +27,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: bzero.3,v 1.9 2013/06/05 03:39:23 tedu Exp $
+.\"     $OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $
 .\"
-.Dd $Mdocdate: June 5 2013 $
+.Dd $Mdocdate: January 22 2014 $
 .Dt BZERO 3
 .Os
 .Sh NAME
@@ -39,6 +39,8 @@
 .In string.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@@ -51,6 +53,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@@ -59,3 +67,7 @@ The
 .Fn bzero
 function first appeared in
 .Bx 4.2 .
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5 .
diff --git a/src/lib/libc/string/explicit_bzero.c b/src/lib/libc/string/explicit_bzero.c
new file mode 100644
index 0000000000..fd2948ca44
--- /dev/null
+++ b/src/lib/libc/string/explicit_bzero.c
@@ -0,0 +1,20 @@
+/*      $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+        bzero(p, n);
+}
author	tedu <>	2014-01-22 21:06:45 +0000
committer	tedu <>	2014-01-22 21:06:45 +0000
commit	4fa31e96a25424fef44451ad022218b3233f54f3 (patch)
tree	720c5274efe0595e27c584f2d90331efa736ad03
parent	a263ce82893e1ce0d825e878afa7914f21507549 (diff)
download	openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.tar.gz openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.tar.bz2 openbsd-4fa31e96a25424fef44451ad022218b3233f54f3.zip